6844c95e4ed873e55a8b8625f3ef37a61027b6122c218f64d4040373f1c8a193 | Triage

Sharing

General

Target

6844c95e4ed873e55a8b8625f3ef37a61027b6122c218f64d4040373f1c8a193
Size

152KB
Sample

221020-b23xcahbdl
MD5

8110e09f22a3e291b4877c1e1f54ffd2
SHA1

2283ffc5fda725ff12a418755313571065115f41
SHA256

6844c95e4ed873e55a8b8625f3ef37a61027b6122c218f64d4040373f1c8a193
SHA512

3d3c5a43f2851558733f825acd073765845551b7ad9cf3019bf3c61c792dca10224da928c6834aa57ceac274a12e9cde2f184ca243e5cf8c54503880c4ee00b9
SSDEEP

3072:UiSzMr/Yt8wZfLOweRty9bWT4Ni4oQZiEWV:IzMrQ+YBeW96TgeWS

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6844c95e4ed873e55a8b8625f3ef37a61027b6122c218f64d4040373f1c8a193
- Size
  
  152KB
- MD5
  
  8110e09f22a3e291b4877c1e1f54ffd2
- SHA1
  
  2283ffc5fda725ff12a418755313571065115f41
- SHA256
  
  6844c95e4ed873e55a8b8625f3ef37a61027b6122c218f64d4040373f1c8a193
- SHA512
  
  3d3c5a43f2851558733f825acd073765845551b7ad9cf3019bf3c61c792dca10224da928c6834aa57ceac274a12e9cde2f184ca243e5cf8c54503880c4ee00b9
- SSDEEP
  
  3072:UiSzMr/Yt8wZfLOweRty9bWT4Ni4oQZiEWV:IzMrQ+YBeW96TgeWS
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence